# Report 2022-01

## News

 - [Cookies: the CNIL fines GOOGLE a total of 150 million euros and FACEBOOK 60 million euros for non-compliance with French legislation](https://www.cnil.fr/en/cookies-cnil-fines-google-total-150-million-euros-and-facebook-60-million-euros-non-compliance)
 - [SlimPay fined €180k after 12 million customers' bank data publicly accessible for 5 years](https://www.theregister.com/2022/01/04/slimpay_breach_fine/)
 - [German police under fire for misuse of COVID contact tracing app](https://www.dw.com/en/german-police-under-fire-for-misuse-of-covid-contact-tracing-app/a-60393597)
 - [This Private Equity Firm Is Amassing Companies That Collect Data on America’s Children](https://themarkup.org/machine-learning/2022/01/11/this-private-equity-firm-is-amassing-companies-that-collect-data-on-americas-children)
 - [Austrian DSB: Use of Google Analytics violates "Schrems II" decision by CJEU.](https://noyb.eu/en/austrian-dsb-eu-us-data-transfers-google-analytics-illegal)
 - [Someone Scraped Massive Bank of Personal Data Used by Private Investigators](https://www.vice.com/en/article/pkp3ev/transunion-tlo-scrape-private-investigators)
 - [New campaign aims to stop more encrypted apps](https://www.bbc.co.uk/news/59964656)
 - [The EU Wants Its Own DNS Resolver that Can Block ‘Unlawful’ Traffic](https://torrentfreak.com/the-eu-wants-its-own-dns-resolver-that-can-block-unlawful-traffic-220119)
 - [IRS Will Soon Require Selfies for Online Access](https://krebsonsecurity.com/2022/01/irs-will-soon-require-selfies-for-online-access/)
 - [IAB Europe can’t audit what 1000+ companies that use its TCF system do with our personal data](https://www.iccl.ie/digital-data/iab-europe-cant-audit-what-1000-companies-that-use-its-tcf-system-do-with-our-personal-data)
 - [Many ‚tracking-free‘ apps in iOS secretly track users](https://netzpolitik.org/2022/privacy-labels-fail-many-tracking-free-apps-in-ios-secretly-track-users)
 - [Nothing Sacred: These Apps Reserve The Right To Sell Your Prayers](https://www.buzzfeednews.com/article/emilybakerwhite/apps-selling-your-prayers)
 - [Google accused of ‘deceptive’ location tracking in fresh round of lawsuits](https://www.theguardian.com/technology/2022/jan/24/google-sued-privacy-texas-district-of-columbia)
 - [Researchers use GPU fingerprinting to track users online](https://www.bleepingcomputer.com/news/security/researchers-use-gpu-fingerprinting-to-track-users-online)
 - [Website fined by German court for leaking visitor's IP address via Google Fonts](https://www.theregister.com/2022/01/31/website_fine_google_fonts_gdpr)

## Data Breaches

 - [Broward Health discloses data breach affecting 1.3 million people](https://www.bleepingcomputer.com/news/security/broward-health-discloses-data-breach-affecting-13-million-people/)
 - [UScellular, one of the largest wireless carriers in the US, has disclosed a data breach after the hack suffered in December 2021](https://securityaffairs.co/wordpress/126317/data-breach/uscellular-second-data-breach-2021.html)
 - [FlexBooker discloses data breach, over 3.7 million accounts impacted](https://www.bleepingcomputer.com/news/security/flexbooker-discloses-data-breach-over-37-million-accounts-impacted/)
 - [US online pharmacy Ravkoo links data breach to AWS portal incident](https://www.bleepingcomputer.com/news/security/us-online-pharmacy-ravkoo-links-data-breach-to-aws-portal-incident/)
 - [Goodwill discloses data breach on its ShopGoodwill platform](https://www.bleepingcomputer.com/news/security/goodwill-discloses-data-breach-on-its-shopgoodwill-platform/)
 - [OpenSubtitles Hacked, 7 Million Subscribers’ Details Leaked Online](https://torrentfreak.com/opensubtitles-hacked-7-million-subscribers-details-leaked-online-220119)
 - [International Red Cross hack exposes half a million vulnerable people](https://www.bbc.com/news/world-60060047)
 - [Data breach in Malta: 65.000 € fine for C-Planet](https://noyb.eu/en/data-breach-malta-65000-eu-fine-c-planet)
 - [Vulnerability in PostBus public transport platform exposed customer data](https://portswigger.net/daily-swig/vulnerability-in-postbus-public-transport-platform-exposed-customer-data)

## Paper/Report

 - [PlatformControl: Download and privacy analysis of iOS and Android apps at scale](https://www.platformcontrol.org)
 - [DRAWNAPART: A Device Identification Technique based on Remote GPU Fingerprinting](https://arxiv.org/abs/2201.09956)
 - [Digital Profiling in the Online Gambling Industry](https://crackedlabs.org/en/gambling-data)
 - [Tracking on the Web, Mobile and the Internet-of-Things](https://arxiv.org/abs/2201.10831)
 - [Health Advertising on Facebook: Privacy & Policy Considerations](https://arxiv.org/abs/2201.07263)
